February 18, 2012

Securing Windows With Password for UAC (A Pseudo-Sudo for Windows)

One of the most loathed attributes of Linux is security and the concept of root user,access rights for different user is a key to Linux's Security. After I got my new laptop , I ran into a lot of issues with linux ,especially the drivers. Starting from the graphics drivers, sound drivers , to hotkeys, backlight control has issues. They never worked. So I decided to switch to Windows 7 as my primary OS and install Linux in a virtual machine. The one feature that I missed badly was the regular prompt for my password in linux which gave me a sense of security at-least from the hungry claws of my friends who eagerly wait for a chance to grab my laptop , screw up the settings and play a game of hide and seek with my files and end it with a "Guess The Password" game. For this very reason , I wanted some sort of password protection in windows , which would work like sudo , prompt me a password whenever settings / apps have to be started with admin privileges.So after a few seconds of Google-ing , I found out that Microsoft had an option to prompt for the password instead of the useless UAC dialogue box. In Windows 7/8 Professional/Ultimate , it is available in the security policy control panel. For others you need to change a registry value via Regedit.

Steps

1) Go to Run (Win+R) and type "regedit" in the box.

2) In the bar on the left, navigate to HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/SystemClick on System. 3)The registry key that we need to change is ConsentPromptBehaviorAdmin: The key for that is : 0 = Elevate without prompting 1 = Prompt for credentials on the secure desktop** 2 = Prompt for consent on the secure desktop 3 = Prompt for credentials 4 = Prompt for consent 5 = Prompt for consent for non-Windows binaries In our case , we need to set it to 1.

4) So right click on ConsentPromptBehaviourAdmin->Modify Check Hexadecimal and set the value as 1. Now exit the editor, logoff , restart the computer. The next time Admin privileges are required , it will prompt you for the password like below

Although , this is can be by-passed by certain software , your friends can't bypass it . So do Lock your computer whenever you are letting it alone!